A method for realizing full-link encryption agent using event certificate

A full-link encryption proxy technique based on user certificates and event certificates. It can solve problems such as interconnection across trust domains, and it improves security through features such as a short certificate validity period.

Active Publication Date: 2022-08-09
北京格尔国信科技有限公司

AI Technical Summary

Problems solved by technology

With this method the application only needs to use the standard SSL protocol. The application server can audit both the end user and the SSL proxy server without any other service, and the cross-trust-domain problem that arises when different CAs interconnect is also solved.


Embodiment Construction

[0025] In order to make the technical means, creation features, achieved goals and effects of the present invention easy to understand, the following describes how to implement the present invention in conjunction with specific drawings.

[0026] (1) Digital certificate issuance and trust domain

[0027] The root CA issues two second-level CAs: a user certificate CA and an event certificate CA. The user certificate CA issues user certificates, and the event CA server issues event certificates. The application server in the enterprise intranet trusts the certificate chains of both the user certificate CA and the event CA. The SSL proxy server trusts the user certificate CA.

[0028] (2) User access process

[0029] Referring to Figure 3, a forward or reverse SSL proxy server is deployed at the network boundary, the CA server issues event certificates, an atomic clock provides the time source, and the SSL proxy server, CA server and application server synchronize time to the ...


Abstract

The invention discloses a method for realizing a full-link encryption proxy by using an event certificate. An SSL encryption tunnel based on digital certificates is first established between the browser and the SSL proxy server. The SSL proxy server then works with a CA server to dynamically generate an event certificate associated with this SSL session, and uses it to complete the SSL encryption tunnel with the back-end application server, so that the back-end application server can perform secondary authentication of users and further perform fine-grained access control and single sign-on. The event certificate can be used to realize the one-time-password session between the SSL proxy server and the application server, makes the authentication ID consistent with the user ID of the original visitor, and has features such as a short validity period. By adopting the event certificate method, the SSL proxy server achieves micro-isolation from users to applications and also improves the access control capability and audit transparency of the entire system.
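The issuance chain from paragraph [0027] and the event certificate described in this abstract, as an added Go example (not code from the patent or its owner): a root CA issues an event CA, the event CA issues a two-minute event certificate that carries the user's ID, and the application server verifies it at a given clock reading. The function names, the user ID `alice`, the Ed25519 keys, the two-minute lifetime and the client-authentication key usage are assumptions made for this demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
func check(err error) {
	if err != nil {
		panic(err)
	}
}
// issue creates a certificate for cn valid for ttl, signed by parent (nil parent: self-signed root).
func issue(cn string, serial int64, ku x509.KeyUsage, ttl time.Duration, parent *tls.Certificate) *tls.Certificate {
	pub, key, err := ed25519.GenerateKey(rand.Reader) // fresh key pair per certificate
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(ttl), KeyUsage: ku, BasicConstraintsValid: true,
		IsCA: ku == x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, pub, parent.PrivateKey)
	check(err)
	leaf, err := x509.ParseCertificate(der)
	check(err)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}
// verifyAt is the application server's check: chain to the root via the event CA, valid at time at.
func verifyAt(ev, eventCA, root *x509.Certificate, at time.Time) (string, error) {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inter.AddCert(eventCA)
	_, err := ev.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return ev.Subject.CommonName, err
}
func main() { // constructed demo: the ID in the user's certificate is "alice"
	root := issue("Demo Root CA", 1, x509.KeyUsageCertSign, time.Hour, nil)
	eca := issue("Demo Event CA", 2, x509.KeyUsageCertSign, time.Hour, root)
	ev := issue("alice", 3, x509.KeyUsageDigitalSignature, 2*time.Minute, eca)
	fmt.Println(verifyAt(ev.Leaf, eca.Leaf, root.Leaf, time.Now().Add(time.Minute)))
	fmt.Println(verifyAt(ev.Leaf, eca.Leaf, root.Leaf, time.Now().Add(3*time.Minute)))
}
```

The second check fails with an expiry error, which is why the time synchronization mentioned in paragraph [0029] matters: a skewed clock on the application server either rejects a fresh event certificate or accepts a stale one.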

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a method for realizing a full-link encryption agent by using an event certificate for identity authentication and link encryption of network communication.

Background technique

[0002] Traditional network security assumes that attackers mainly come from external networks, and that deploying strict monitoring equipment at the network entrance, such as firewalls, VPNs and antivirus, can reduce attacks from external networks. The corporate intranet is considered safe because most external hacker attacks are blocked.

[0003] To protect the safe transmission of sensitive enterprise data over the Internet, the network border generally adopts digital authentication and an access control system to provide external services, such as online banking and mobile office. As shown in Figure 1, the client and the SSL proxy server comple...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L9/32
CPC: H04L63/0823, H04L63/0442, H04L63/0471, H04L63/0884, H04L9/3268, H04L63/168, H04L63/0281
Inventor: 朱振中, 陈磊, 贺红杰
Owner: 北京格尔国信科技有限公司